Debain + Squid 2.5 + NTLM (works, but not completely)

[Truffles]

So we've had this setup for a while (Debian, Squid and NTLM auth to Active Directory), and now I get to take care of it because we've run out of people that actually know Linux. So I know enough to go through the logs and see what's breaking and the issue I'm having is that I don't have any errors.

Basically a user may have restricted Internet based on what groups they're in within Active Directory, and that works. But when you change their group membership, Squid doesn't get the update, and still behaves as if the membership hasn't changed.

So where should I be looking? There's only NTLM authentication, no basic or other (it's commented out in the squid.conf file). I guess I'd like to know if there's a cache of credentials somewhere either in squid or the NTLM helper?

The server event logs don't show any issues either, and user access behaves as expected when group membership changes, so I pulling out my hair trying to track this one down.

Thanks in advance for any help,
-Truffles

[Truffles]

I pulled out the backup proxy the previous admin made a while ago (it's just running on desktop hardware), copied the squid.conf file across and tested permissions. It takes a restart of squid after you change group membership (not a reload), but the backup proxy is working properly. On one hand it's good news because it's definitely not the AD, and it's not the config file. On the other hand, I have NFI .

Using this as a reference - techmiso.com/1934/howto-install-squid-web-proxy-server-with-active-directory-authentication/ - I'll see if I can figure out what else it might be.